Validating the RBAC ANSI 2012 Standard Using B

  • Conference paper
Abstract State Machines, Alloy, B, TLA, VDM, and Z (ABZ 2014)

Abstract

We validate the RBAC ANSI 2012 standard using the B method. Numerous problems are identified: logical errors, inconsistencies, ambiguities, typing errors, missing preconditions, invariant violation, inappropriate specification notation. A clean version of the standard written in the B notation is proposed. We argue that the ad hoc mathematical notation used in the standard is inappropriate and we propose that a more methodological and tool-supported approach must definitely be used for writing standards, in order to avoid the issues identified in the paper. Human reviewing is insufficient to produce error-free international standards.

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Huynh, N., Frappier, M., Mammar, A., Laleau, R., Desharnais, J. (2014). Validating the RBAC ANSI 2012 Standard Using B. In: Ait Ameur, Y., Schewe, KD. (eds) Abstract State Machines, Alloy, B, TLA, VDM, and Z. ABZ 2014. Lecture Notes in Computer Science, vol 8477. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43652-3_22

  • DOI: https://doi.org/10.1007/978-3-662-43652-3_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-43651-6

  • Online ISBN: 978-3-662-43652-3

  • eBook Packages: Computer Science, Computer Science (R0)